--- deliantra/server/common/utils.C 2008/09/10 21:29:39 1.81
+++ deliantra/server/common/utils.C 2009/10/11 01:35:53 1.87
@@ -34,6 +34,7 @@
 #include
 #include
+#include
 #include
 #include
@@ -53,7 +54,7 @@
 state [3] = state [2] * 69069U; if (state [0] < 128U) state [0] += 128U;
 for (int i = 11; --i; )
- operator ()();
+ next ();
 }
 uint32_t
@@ -67,19 +68,24 @@
 return state [0] ^ state [1] ^ state [2] ^ state [3];
 }
+template
 uint32_t
-tausworthe_random_generator::get_range (uint32_t num)
+random_number_generator::get_range (uint32_t num)
 {
- return (next () * (uint64_t)num) >> 32U;
+ return (this->next () * (uint64_t)num) >> 32U;
 }
 // return a number within (min .. max)
+template
 int
-tausworthe_random_generator::get_range (int r_min, int r_max)
+random_number_generator::get_range (int r_min, int r_max)
 {
 return r_min + get_range (max (r_max - r_min + 1, 0));
 }
+template struct random_number_generator;
+template struct random_number_generator;
+
 /*
 * The random functions here take luck into account when rolling random
 * dice or numbers. This function has less of an impact the larger the
@@ -202,9 +208,9 @@
 /* convert materialname to materialtype_t */
 materialtype_t *
-name_to_material (const shstr &name)
+name_to_material (const shstr_cmp name)
 {
- for (materialtype_t *mt = materialt; mt && mt->next; mt = mt->next)
+ for (materialtype_t *mt = materialt; mt; mt = mt->next)
 if (name == mt->name)
 return mt;
@@ -220,10 +226,10 @@
 materialtype_t *mt;
 int j;
- if (op->materialname == NULL)
+ if (!op->materialname)
 return;
- if (change->materialname != NULL && strcmp (op->materialname, change->materialname))
+ if (op->materialname != change->materialname)
 return;
 if (!op->is_armor ())
@@ -253,14 +259,16 @@
 {
 materialtype_t *mt, *lmt;
- if (op->materialname != NULL)
+ if (!op->materialname)
 return;
- if (nmt == NULL)
+ if (nmt)
+ lmt = nmt;
+ else
 {
- lmt = NULL;
+ lmt = 0;
- for (mt = materialt; mt && mt->next; mt = mt->next)
+ for (mt = materialt; mt; mt = mt->next)
 if (op->materials & mt->material && rndm (1, 100) <= mt->chance && difficulty >= mt->difficulty && (op->magic >= mt->magic || mt->magic == 0))
 {
@@ -269,10 +277,8 @@
 break;
 }
 }
- else
- lmt = nmt;
- if (lmt != NULL)
+ if (lmt)
 {
 if (op->stats.dam && op->is_weapon ())
 {
@@ -444,6 +450,27 @@
 return;
 }
+/******************************************************************************/
+
+/* Checks a player-provided string which will become the msg property of
+ * an object for dangerous input.
+ */
+bool
+msg_is_safe (const char *msg)
+{
+ bool safe = true;
+
+ /* Trying to cheat by getting data into the object */
+ if (!strncmp (msg, "endmsg", strlen ("endmsg")) || strstr (msg, "\nendmsg"))
+ safe = false;
+
+ /* Trying to make the object talk, and potentially access arbitrary code */
+ if (object::msg_has_dialogue (msg))
+ safe = false;
+
+ return safe;
+}
+
 /////////////////////////////////////////////////////////////////////////////
 void
@@ -451,8 +478,6 @@
 {
 if (!fork ())
 {
- fprintf (stderr, "background fork_abort in progress, remove me when debugged.\n");//D
-
 signal (SIGINT , SIG_IGN);
 signal (SIGTERM, SIG_IGN);
 signal (SIGABRT, SIG_IGN);
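Review bot: In the hunk at -253 the early-return guard changes polarity: the removed line returned when `op->materialname != NULL`, while the new `if (!op->materialname) return;` returns when the name is absent. The hunk at -220 rewrites `== NULL` to `!` and keeps its meaning, so this one looks like a slip unless the string type's conversions make the old test behave differently than it reads. If the intent is still to leave an object that already has a material name untouched, the line should be `if (op->materialname) return;`. The function's signature lies outside the hunk, so that intent is inferred from the removed line only.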
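Review bot: In the hunk at -444, msg_is_safe hands `msg` straight to strncmp and strstr, so a null pointer from any caller is undefined behaviour in a function whose whole job is to vet player input. The contract for a missing message should be explicit, for example a first statement `if (!msg) return false;` (or `true`, if an absent message is meant to be accepted). The test is also a denylist that mirrors one rule of the object loader, `endmsg` at the start of a line, and the loader is not visible here; the header comment should name the parser rule it tracks so the two cannot drift apart, and say that callers must reject the message when this returns false.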
@@ -558,28 +583,33 @@
 /******************************************************************************/
-void assign (char *dst, const char *src, int maxlen)
+int
+assign (char *dst, const char *src, int maxsize)
 {
 if (!src)
 src = "";
 int len = strlen (src);
- if (len >= maxlen - 1)
+ if (len >= maxsize)
 {
- if (maxlen <= 4)
+ if (maxsize <= 4)
 {
- memset (dst, '.', maxlen - 1);
- dst [maxlen - 1] = 0;
+ memset (dst, '.', maxsize - 2);
+ dst [maxsize - 1] = 0;
 }
 else
 {
- memcpy (dst, src, maxlen - 4);
- memcpy (dst + maxlen - 4, "...", 4);
+ memcpy (dst, src, maxsize - 4);
+ memcpy (dst + maxsize - 4, "...", 4);
 }
+
+ len = maxsize;
 }
 else
- memcpy (dst, src, ++len);
+ memcpy (dst, src, ++len);
+
+ return len;
 }
 const char *
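Review bot: In the `maxsize <= 4` branch of assign the fill is now `memset (dst, '.', maxsize - 2)` while the terminator is still written at `dst [maxsize - 1]`, so `dst [maxsize - 2]` is never initialised and the result carries one stale byte before the NUL; the removed code filled `maxlen - 1` bytes. With a non-empty source and `maxsize` of 1 the length argument becomes -1 and converts to a huge size_t, turning the memset into an out-of-bounds write where the old code wrote nothing; whether any caller passes a buffer that small is not visible here. I would restore `memset (dst, '.', maxsize - 1);` and reject non-positive sizes first with `if (maxsize <= 0) return 0;`. The new return value counts the terminator (`++len`, `len = maxsize`), which deserves a one-line comment above the function now that it no longer returns void.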